[Zope] Aquisition, UserFolder and security

bruno modulix bruno at modulix.org
Tue Sep 27 05:34:57 EDT 2005


Hello hi

I have a little problem with aquisition and security. We have a project
using multiple CPS instances (for those that don't know CPS, it's a CMF
based groupware/CMS) running in the same Zope instance, and being
siblings of each others [1]. One of these instances is the main entry
point for the portal (I'll all it the 'portal'), the others are acting
as workspaces for dedicated communities (I'll call them CPMs).

Each CPS instance has its own UserFolder. All users exists in the
portal's UserFolder, but only exists in some CPMs UserFolders. Now the
problem is that, due to acquisition, a member existing in the Portal but
not in a given CPM can gain access to this CPM by faking the url - ie:
going to mydomain.tld/portal/cpm instead of mydomain.tld/cpm. So we have
a potential (err...) security hole here, that I would like to address ASAP.

We've been thinking of using apache's rewrite rules, but since the
customer will have the possibilitie to create new CPMs at will, this
won't do. Idem for using subdomains, or anything implying the
modification of apache conf.

So we must fix the problem inside Zope itself. I searched the doc, this
list's archive and the source code, and it seems that possible solutions
involve playing with __bobo_traverse__ or
__before_publishing_traverse__, but my (very naive) try didn't make it,
so I'd really enjoy any hint and/or pointers about howtos, do's and
don't, or any other resource concerning these hooks.

Another thing I've been thinking of, reading BasicUserFolder's source,
would be to subclass it and redefine the _isTop() method so users
wouldn't been looked up for in a UserFolder placed in the context by
acquisition, but I don't know enough about the whole mechanism to be
sure it would'nt have unwanted side-effects and drawbacks.

It's also very possible that I missed another simpler and better
solution, so here again, any hint, pointer etc is *very* welcome.

TIA


[1] don't tell me, I know this is far from the best possible
architecture, but that's the only one that we could think of that would
let us meet the deadline. CPS Workspaces did not offer enough
functionalities to be used for CPMs, and we need a tight integration
between the Portal and CPMs.

-- 
Bruno Desthuilliers
Développeur
bruno at modulix.org


More information about the Zope mailing list